New Developments in OTP Authentication Hardware

Nick Smith |
19 gennaio 2017 |
One-time PasswordOTPAuthentication

Despite the emergence of mobile-based authentication technologies and the convenience they offer, organisations concerned with security continue to embrace the humble One-Time Password (OTP) token and the security it brings.

The last few years have seen big moves in the digital security sector. While much focus has been placed on new, often mobile-based,
authentication mechanisms, the traditional One-Time Password token (OTP token) is still proving itself to be a mainstay of the
strong authentication market.

The convenience of software authentication apps, including OTP generators such as Google Authenticator, is obvious. Having an authentication
app on the device you already carry avoids the need to carry extra hardware around with you. If you were to lose your phone chances are you
will notice quite quickly.

But smartphones are open to numerous vulnerablites and attack vectors. Apps must store keying data locally and that can be compromised by devices
becoming infected with malware, jailbroken or rooted.

These issues go a long way to explain why dedicated hardware OTP tokens are still in demand and why the industry is still buying them at pace.

With continued demand comes innovation. The newest development in the OTP world is the OTP display card - an OATH-compliant ISO 7810 ID-1 (credit card size) OTP token that is perfect for
carrying in your wallet or purse. These OTP cards feature a high-contrast EPD (eInk) display, commonly found on
e-readers such as the Amazon Kindle. In addition to this the
new cards default to using SHA-256 in the HOTP/TOTP algorithms over the default SHA-1 used by older tokens.